Experts from Group-IB’s Digital Risk Protection team discovered 884 scam pages with traffic coming from Facebook advertisements purchased by the fraudsters. The social media campaign offered users the opportunity to invest in one of 35 market-leading firms, including legitimate financial, insurance, transportation, oil, gas, and construction companies.

Group-IB researchers found English, Arabic, and Spanish Facebook ads. In Arabic-language advertisements, scammers enticed individuals with bold claims that they could “earn millions” by investing “a mere $200” amount.

If a user clicked on an ad, they were redirected to a scam page containing legitimate branding from a prominent company, along with a request for their name, email address, and phone number.

After filling out the form, users would receive daily emails claiming to be from a trading portal. Users would be urged to deposit funds into the fake trading account to begin buying stocks. The scammers would even resort to phone calls if a user didn’t respond. The elaborate con also requested bank details, ID, and passport copies.

Also Read: The Largest Data Breaches In The Middle East

“Retail investing is becoming increasingly popular among individuals who are looking for ways to diversify their income. This particular scam is notable as the cybercriminals leverage multiple communication channels, such as email and direct phone calls, as part of their social engineering efforts. We urge individuals to never share personal information or money with third parties unless you are certain of their legitimacy,” said Sharef Hlal, Head of Group-IB’s MEA Digital Risk Protection Analytics Team.

In total, 60% of the scam pages targeted users from the Middle East and Africa (MEA) region. Based on Group-IB’s research, the criminal campaign is thought to have caused $280,000 in financial damages between March and June 2023.

The post 884 Scam Pages Unearthed In $280K Global Investment Scam appeared first on Tech Magazine.

According to Group-IB’s findings, the Asia-Pacific region suffered the greatest concentration of ChatGPT credentials offered for sale, followed by the Middle East and Africa (MEA) region in second place.

Group-IB tech experts explained that when employees take advantage of ChatGPT to optimize business communications and marketing texts, the queries and responses are stored within the AI app. Consequently, any unauthorized access to a ChatGPT account could unearth a wealth of sensitive information.

Also Read: The Largest Data Breaches In The Middle East

Group-IB’s dark web analysis revealed that most compromised ChatGPT accounts were breached by a popular malware program known as “Raccoon Info Stealer”. The virus is often sent by email and can be used by hackers to gain access to sensitive data stored in internet browsers.

In the MENA area, accounts from users in Egypt, Morocco, Algeria, and Turkey topped the “most-infected” list, potentially exposing companies in the region to multiple threat actors.

“Many enterprises are integrating ChatGPT into their operational flow,” explained Dmitry Shestakov, Head of Threat Intelligence at Group-IB. “Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials. At Group-IB, we continuously monitor underground communities to identify such accounts promptly”.

To mitigate the risks posed by compromised ChatGPT accounts, Group-IB suggests that users update passwords using current best practices while also implementing two-factor authentication.

The post 100K+ Compromised ChatGPT Accounts Found On Dark Web appeared first on Tech Magazine.

Between February and March 2023, Group-IB researchers based in Dubai identified over 3,200 Facebook profiles falsely claiming to be written by Meta support staff in over 20 languages. Upon discovering the scammers’ accounts, Group-IB’s Computer Emergency Response Team shared information with Facebook, which it must be noted had already deleted some of the offending profiles.

The cybercriminals’ goal was to hack the Facebook accounts of public figures and celebrities, businesses, sports teams, and individual accounts. As part of the elaborate scam, cookie data, and session hijacking were employed, though the criminals mostly used traditional phishing techniques to trick people into voluntarily entering email and password information.

Group-IB researchers began tracking this widespread scam in February 2023. As well as 3,200 fake Facebook profiles containing scam posts, the cybersecurity experts also discovered 220 websites intended to trick users into parting with their data.

The Details Of The Scam

This Facebook scammers used social engineering techniques to trick users into thinking their accounts were marked for suspension due to copyright violations. If victims attempted to verify their profile to prevent it from being blocked, they would be taken to a phishing website, where they were presented with a page that contained official-looking Meta or Facebook branding.

Also Read: Filmmaker Uses AI To Visualize Thousands Of Leaked Passwords

“Cybercriminals can use compromised accounts to launch further phishing attacks. Individuals can suffer legal and reputational damage [and] threat actors could also gain access to the victim’s financial services [and] hold compromised accounts for ransom, demanding payment from the victim for retrieval of the account,” says Sharef Hlal, Head of Group-IB’s Digital Risk Protection Analytics Team.

Group-IB recommends social network users ensure that their passwords are “strong and unique, and that they enable two-factor authentication (2FA) to provide an extra layer of security”. In addition, if you’re ever directed away from official social media platform pages, it’s a good idea to closely check the URL to ensure it’s legitimate.

The post Facebook Scammers Pose As Support Staff On 3,200 Fake Profiles appeared first on Tech Magazine.

Digital Risk Protection experts used AI and text analyzing tools to uncover over 2,400 fake job pages impersonating companies from 13 countries. The posts were created on social media platforms throughout the entirety of 2022.

On the job pages, fraudsters spoofed more than 40 of the MENA region’s largest companies. They published vacancies in Arabic offering salaries too good to be true, including “4,500 euros (USD $4,800) for drivers and painters”. Once interested victims interacted with links on the pages, they were taken to fake phishing sites where they were asked to enter login credentials and passwords.

Which Countries Were Targeted?

Arabic-speaking individuals were the exclusive targets of this particular scamming campaign, with Egyptian companies most frequently spoofed by the criminals.

According to Group-IB, “48% of all the fake profiles created on Facebook spoofed companies from Egypt. Organizations from Saudi Arabia (23% of all scam pages), Algeria (16%), Tunisia (7%), and Morocco (4%) were also frequently mimicked as well as offering individuals jobs at the 2022 FIFA World Cup in Qatar”.

What Industries Were Selected?

The scammers responsible for the fake job pages made adverts across multiple industries, though logistics firms were a popular target (64%). Group-IB noted that “scammers targeting MENA users are particularly fond of impersonating logistics enterprises due to the high potential ROI. The food and beverage (20% of scam pages) and petroleum (12%) industries were also heavily impersonated by the scammers, with one particular company being impersonated on more than 1,000 fake pages”.

Also Read: Is Your Phone Hacked? How To Find Out & Protect Yourself

Staying Safe Online

Group-IB warned internet users to stay vigilant and always confirm URLs when following links that supposedly lead to a company’s website — a particularly important habit on social media sites. Users should enable two-factor authentication (2FA) for all online accounts supporting the security feature and ensure they never use the same password across multiple accounts.

The post Cybersecurity Firm Uncovers 2,400+ Fake Arabic Job Pages appeared first on Tech Magazine.

The cybersecurity team found at least 1,000 malicious domains during their research, with most containing a close match to a well-known Saudi agency that offers assistance in hiring employees for the construction and services sector, as well as domestic workers. Scams of this nature are growing at a rate of 10% per year, with more than $55 billion stolen during 2021 alone.

How The Scam Worked

The fake domains and their associated URLs were meant to fool people into thinking they’re the real deal. In addition, each domain featured convincing web pages designed to mimic the official agency website. Scammers were using these web pages to convince people to enter their data, hoping to harvest banking details, as well as both login information and two-factor authentication (2FA) codes.

To drive traffic to these fraudulent websites, the criminals used multiple layers of social engineering, first using ads on Facebook, Twitter, and Google that encouraged SMS or WhatsApp conversations, and then sending unwitting users to the fake sites to enter their details.

Once a user had landed on a fake domain, they were persuaded to part with a small processing fee of 50 or 100 SAR (approximately $13 or $27), which enabled the scammers to harvest banking data to empty accounts and make off with user’s hard-earned cash.

Also Read: Is Your Phone Hacked? How To Find Out & Protect Yourself

“Scammers are becoming increasingly resourceful and collaborative, and spoof domain brokers are actively assisting cybercriminals. We encourage companies and organizations to monitor for signs of brand abuse, and we also urge internet users to remain vigilant so that they do not become victims of scams such as this,” says Mark Alpatskiy, CERT-GIB Senior Analyst.

Falling victim to a phishing scam can be costly, and Internet users are urged to show caution and always check URLs to verify they are legitimate before entering any personal data, as well as ensuring they are in communication with online chat services or call centers of the official company in question.

The post Widespread Phishing Scam Discovered In Saudi Arabia appeared first on Tech Magazine.